MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Mit
  • Kerberos 5
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Eus
  • Enterprise Linux Tus
  • Enterprise Linux Workstation

Configuration 1 [-]

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
krb5-0:1.6.1-78.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2014:1245 2014-09-16T00:00:00Z
Red Hat Enterprise Linux 6
krb5-0:1.10.3-33.el6 cpe:/o:redhat:enterprise_linux:6 RHSA-2014:1389 2014-10-13T00:00:00Z
Red Hat Enterprise Linux 7
krb5-0:1.12.2-14.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2015:0439 2015-03-05T00:00:00Z
References
Link Providers
http://advisories.mageia.org/MGASA-2014-0345.html cve-icon cve-icon
http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc cve-icon cve-icon
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-0439.html cve-icon cve-icon
http://secunia.com/advisories/59102 cve-icon cve-icon
http://secunia.com/advisories/60082 cve-icon cve-icon
http://secunia.com/advisories/60448 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201412-53.xml cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3000 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 cve-icon cve-icon
http://www.securityfocus.com/bid/68909 cve-icon cve-icon
http://www.securitytracker.com/id/1030706 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 cve-icon cve-icon
https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-4341 cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-4341 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-07-20T10:00:00

Updated: 2024-08-06T11:12:35.155Z

Reserved: 2014-06-20T00:00:00

Link: CVE-2014-4341

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2014-07-20T11:12:50.823

Modified: 2021-02-02T19:00:48.647

Link: CVE-2014-4341

cve-icon Redhat

Severity : Low

Publid Date: 2014-06-26T00:00:00Z

Links: CVE-2014-4341 - Bugzilla